Add `--cvss-fail-threshold`

[lread]

See README for general description.

New option is mutually exclusive to --fail-on-result; if both are specified, clj-watson fails fast with usage error and help.

Conservatively derives score when missing or suspicious looking:

• When severity is available, conservatively converts to score
• Since we don't know if if score is CVSS2 or CVSS3/4 derives, High and Critical to 10.0, Medium and Low are converted to upper bound of their ranges.
• The experimental github-advisory strategy seems to regularly populate score with 0.0 but with a valid looking severity; we treat a score of 0.0 as suspicious.
• I've not seen cases of invalid severities in the wild, but we handle them just the same, when we can't make sense of things we derive to the most critical score which is 10.0.

Also:

• factored out table support from cli-spec ns to new table ns to reuse it for summary table.
• renamed summarize fn to final-summary to better distinguish from our new summary fn
• a new utils ns for assoc-some fn (cribbed clj-kondo which cribbed from medley).

Closes #114

[lread]

Thanks for taking a peek @coyotesqrl. I think this matches what we discussed. If you have any other feedback, happy to hear it!

[lread]

@seancorfield when you have some time and some interest, this PR awaits your review.

[seancorfield]

Sorry, last week got completely derailed which was when I said I would review this...

[lread]

Thanks! And no problem @seancorfield, I understand that folks get busy and distracted!